| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: MSN Virus wie ENTFERNE ich den richtig?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.06.2010, 00:52
| #1 |
| |  MSN Virus wie ENTFERNE ich den richtig? hallo, ich hab ein ähnliches problem wie naitse91 habe einen geschickten link bekommen diesen geöffnet und auf ausführen geklickt(windows vista),seitdem wird dieser link immer wieder an meine kontaktliste geschickt und mein computer öffnet immer wieder fenster mit werbung.ich habe jetzt bereits wie hier schon beschrieben durch otl einen scan durchgeführt und folgende texte bekommen : extras:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.06.2010 17:52:26 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,08 Gb Total Space | 5,64 Gb Free Space | 7,04% Space Free | Partition Type: NTFS
Drive D: | 152,81 Gb Total Space | 21,93 Gb Free Space | 14,35% Space Free | Partition Type: NTFS
Drive E: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARKUS-PC
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Eigene Dateien\mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002FD5A8-0F26-4E9E-8165-4BDB23EE7C0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B7E92B5-311A-4212-A742-6C3871714CB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{16D29749-4BC5-44E9-8617-DA04227287D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1DA77DC3-0D17-4289-9AC2-FFC564E229D4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1E1CFD7E-B020-444F-BA0E-39DEFF370AD2}" = lport=137 | protocol=17 | dir=in | app=system |
"{2BD21225-AF33-41AA-AB5C-4217C5C93AAE}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{49B0F3A7-4CD6-4A50-969E-E49C25CD0D19}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C843016-FF07-437A-A6C0-ACBA9EAF5888}" = lport=138 | protocol=17 | dir=in | app=system |
"{539EB45B-303A-474C-8097-BF5692AE0B02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{66011EC1-BE76-4EBB-8CEE-F6A187678D51}" = lport=445 | protocol=6 | dir=in | app=system |
"{7E633D14-3C39-42ED-B392-42238452CD96}" = rport=445 | protocol=6 | dir=out | app=system |
"{85A945FC-4F9C-40E1-B77A-6C500ADFD5F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9540C9EE-CF78-4C75-96F1-2E915FFBB7C1}" = rport=137 | protocol=17 | dir=out | app=system |
"{B0B6D790-3EA3-4B0E-B241-07A16EF80B89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8E7D849-2A80-46E3-93D1-570CD05DBD3D}" = rport=139 | protocol=6 | dir=out | app=system |
"{DF5D4736-6719-4353-9F1D-4ADEDBC12580}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E0298326-F38F-4CDE-8C0D-531B1AD732D0}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E22248-E65D-4976-BE4A-013A7696B7D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{03AEEE27-B958-4C37-9669-E04474F9DB94}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{074BDE18-F1F8-4310-8C71-78144D2F97CF}" = protocol=6 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"{0C32897E-CB25-448C-A2F2-5EFAC3F1D3B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0F1CC015-3604-45C7-916D-AE2A55A1C493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FFA6342-F6A8-43D5-A2AF-486A52020FD6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{20A8B426-C594-4F60-8C6A-6D2468A44B3A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{39D34489-F9F2-4865-BD5C-AB01B503D0CC}" = protocol=6 | dir=in | app=d:\spiele\cod5\codwawmp.exe |
"{3A831634-41AD-476B-9264-5220C18BCE12}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{3CA36795-5FB2-4EFA-95CF-BD88A2705D59}" = protocol=6 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\counter-strike source\hl2.exe |
"{5D4DE7AB-8F91-4EE9-A795-34999C26657F}" = protocol=6 | dir=in | app=d:\spiele\unreal\system\ut2004.exe |
"{66F72285-AE83-48C4-B31D-6D2668461894}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{699B3CD5-AB0D-404C-802D-CE05905D8DBA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6CAFF1A9-0EA6-483F-A2D6-6637CF211E65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{76C35B39-4F0D-4AED-A547-5DB1CA8E79A2}" = protocol=17 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\counter-strike source\hl2.exe |
"{99AF5431-E331-44C7-9EB7-E9A43268C8E1}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe |
"{A407DFBE-6308-491A-B64E-384B7C543A2A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A522FE29-ED4B-4BEF-BDF3-2EB7C526AEF9}" = protocol=17 | dir=in | app=d:\spiele\unreal\system\ut2004.exe |
"{A6C38AA6-12E5-48D6-A530-44D465E244D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A756F059-929F-4BCC-9A62-8138C873DD06}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{AB094AEA-F9BE-4E9A-9131-4D4A4A97043D}" = protocol=17 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"{B24B8B2C-FBDD-4454-A9EB-BBFE31A4C682}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BCC17B9D-68AC-4CB0-B109-56CB6BB001BD}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe |
"{C0A40F48-0B26-450E-B0C0-F8510857A785}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CBAA6A2E-7895-4685-B03B-361899EC55C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFB579E1-FFEC-4B16-AF21-BFF00A547701}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D4111019-D733-4BC1-8120-DD67B6B7CFB1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D45437B7-67D3-489A-A5CA-2E644CC5991D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D61195FC-2945-408D-A10E-4A52BF2BA896}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D62FED09-3315-4F52-9D6A-394B4D773D39}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{DCE1536C-838B-4A98-9668-EF6A463D7D4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEA6A378-A763-4166-87EE-57BBF4BA6EC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E57736FB-ECA9-4A90-AC69-09F7E74D2619}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EF047AEC-7E3F-4CFF-8F51-22D028F583A2}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{FEF4212D-D8E9-495C-9D06-E150B65AC2C8}" = protocol=17 | dir=in | app=d:\spiele\cod5\codwawmp.exe |
"{FF4CBEC8-DDB9-4902-9769-F89980B557D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{09623D41-3E1A-4CB7-B6AE-7FD2998E96A5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0CCA78ED-D3BD-4949-9207-CB9C6F5D5A6E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0CEBB3BC-F3AD-4C13-A9D8-812FC85F023E}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe |
"TCP Query User{104FF35F-6A96-482F-98BD-1BBB8AD13A07}D:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flatout2\flatout2.exe |
"TCP Query User{17EBC1D5-1111-4C96-AA5E-950C13D63B03}D:\spiele\gotcha 2005\gotcha.exe" = protocol=6 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe |
"TCP Query User{1CC19FF1-1BD1-43C9-A334-DA2B0CB6C46D}D:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"TCP Query User{208F0FA8-DC0F-4A93-A510-4C21F3890D47}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe |
"TCP Query User{20B0D85C-5188-4F53-9E95-391F4627D103}D:\spiele\world of padman\wop.exe" = protocol=6 | dir=in | app=d:\spiele\world of padman\wop.exe |
"TCP Query User{222EE9E4-E86E-4DF1-9F58-953B53808E36}D:\spiele\gotcha 2005\gotcha.exe" = protocol=6 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe |
"TCP Query User{357E248D-1F53-46D6-88E6-9674D0BAA63C}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe |
"TCP Query User{370D3144-4D43-482A-A66C-02BB8D86AD07}D:\spiele\world of padman\wop.exe" = protocol=6 | dir=in | app=d:\spiele\world of padman\wop.exe |
"TCP Query User{3D735B7D-154A-46C6-9BFE-AD849D32548B}D:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flatout2\flatout2.exe |
"TCP Query User{3FCD05B5-7B92-48E5-A5AA-4EB0B4D1F813}C:\users\administrator\desktop\spiele lan pati\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\tft\war3.exe |
"TCP Query User{46D59E5C-4B86-4348-9C06-D9A64D01211C}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe |
"TCP Query User{4B5B8571-DFBB-4E8D-835F-72E473AE0A15}C:\users\administrator\desktop\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\tft\war3.exe |
"TCP Query User{5181B45F-3A5E-4223-8F8E-A78D3699510A}C:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"TCP Query User{529AFC4A-5495-43BE-8FB3-1ACABAA89204}D:\spiele\terrorist takedown 2\rungameserver.exe" = protocol=6 | dir=in | app=d:\spiele\terrorist takedown 2\rungameserver.exe |
"TCP Query User{59980532-7040-443F-85AE-D1570883DFD5}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{599BB080-C677-4C08-B6BB-261E11F66199}D:\temp\rar$ex04.935\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex04.935\volley.exe |
"TCP Query User{5A785B82-BCE6-40D8-A22E-77ABB0D3F211}C:\users\administrator\desktop\dlrg\wacraft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\dlrg\wacraft\war3.exe |
"TCP Query User{5C86F235-12A3-4CAF-B89B-E1F07DAFBC51}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe |
"TCP Query User{6C9DE1B8-A630-44C0-B169-06A24F6ACE22}D:\spiele\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe |
"TCP Query User{74EAD64D-C797-4616-9D34-EBA88DE3A7EE}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe |
"TCP Query User{80C8CAB4-4E26-4B9E-AB3B-E877EAE0A66C}C:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe |
"TCP Query User{81358A51-2EFC-42FF-9874-C9E27E2A6F4D}D:\spiele\cod5\codwawmp.exe" = protocol=6 | dir=in | app=d:\spiele\cod5\codwawmp.exe |
"TCP Query User{837ABB38-7C94-4D34-961C-5AEE143C85B0}D:\spiele\rollcage\direct3d\rollcage.exe" = protocol=6 | dir=in | app=d:\spiele\rollcage\direct3d\rollcage.exe |
"TCP Query User{839029B8-D101-4B70-8A7C-6FA4D0283967}D:\spiele\metin\metin2.bin" = protocol=6 | dir=in | app=d:\spiele\metin\metin2.bin |
"TCP Query User{85CB6E71-F358-47D8-89DD-946420FA91D8}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{86C5C525-946E-4713-853C-A85D7225B90D}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"TCP Query User{87535782-620E-4F51-B28C-9E6CD1C361F2}D:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe |
"TCP Query User{883CA803-5795-415D-9434-7F097669F57E}C:\program files\blobby volley 2.0 alpha 6\blobby.exe" = protocol=6 | dir=in | app=c:\program files\blobby volley 2.0 alpha 6\blobby.exe |
"TCP Query User{93EFE4C3-3292-4731-ABE2-77154DA18150}D:\spiele\tft\war3.exe" = protocol=6 | dir=in | app=d:\spiele\tft\war3.exe |
"TCP Query User{966DFE50-734C-40F4-877C-025B24DA3939}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe |
"TCP Query User{96D0A77F-5751-46B3-8497-426DA92E0D8F}D:\temp\rar$ex00.763\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.763\volley.exe |
"TCP Query User{993B2404-F98E-475B-ADBA-470439248D41}D:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe |
"TCP Query User{9A289C49-D4B5-4CC3-B9D1-83095451ADF1}D:\temp\rar$ex00.498\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.498\volley.exe |
"TCP Query User{9B325CF9-C176-48A7-95FA-DE739367682C}D:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe |
"TCP Query User{A06F0269-F056-4CE6-8A03-16EF96BDB0C6}D:\temp\rar$ex00.600\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.600\volley.exe |
"TCP Query User{A6BF8BAD-BCD7-40AC-83EA-8E610826EE42}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe |
"TCP Query User{ACFC2A85-158B-47B4-BFAA-33F08697F948}D:\spiele\tft\war3.exe" = protocol=6 | dir=in | app=d:\spiele\tft\war3.exe |
"TCP Query User{B1DDE29D-16C4-46E9-85AD-3EB2451B2B97}D:\spiele\rollercoaster tycoon\rct.exe" = protocol=6 | dir=in | app=d:\spiele\rollercoaster tycoon\rct.exe |
"TCP Query User{B4001850-DA35-42FC-B063-E3545854E756}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe |
"TCP Query User{C2373F0E-9A70-4C30-9CC0-7D71D6B3E2B9}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe |
"TCP Query User{C47A3F9E-97A0-49ED-B41C-6B732F7036AA}C:\users\administrator\desktop\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe |
"TCP Query User{C58F7A62-62CD-4DB0-B045-D2DE9BEEC6D1}D:\spiele\cod5\codwaw.exe" = protocol=6 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"TCP Query User{C5F7515A-D83B-4C57-8CBA-025357C8DD10}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=6 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe |
"TCP Query User{CCBD13C1-2BBE-4C3C-A7EA-A2D73B57F562}D:\temp\rar$ex00.477\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.477\volley.exe |
"TCP Query User{CE391ED8-560D-40DB-BA69-34C32D7C8254}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"TCP Query User{DC7A5B40-4D4E-4E2E-A40F-3E82635CA03A}D:\spiele\css 1\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\counter-strike source\hl2.exe |
"TCP Query User{E6FF942E-4ACE-4D65-B177-0CEA09F39F19}D:\spiele\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe |
"TCP Query User{EBAAF56B-445D-478E-B4AB-1382A741B93E}D:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe |
"TCP Query User{EFA1F86E-41D7-4FCC-9111-B46EE7C3162E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F4BE6DFA-6E48-44CE-9565-D8A8BCBFA6EB}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=6 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe |
"TCP Query User{F56411C7-2E1B-4160-A6B8-9552C751AD7C}D:\spiele\counter-strike source\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\counter-strike source\counter-strike source\hl2.exe |
"TCP Query User{F6B6CD34-743C-4E8F-8CDC-8AC303A74141}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe |
"TCP Query User{F8804A13-2FEE-4D60-A0CA-4070F32A4D0F}D:\temp\rar$ex00.373\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.373\volley.exe |
"TCP Query User{F92061FA-709C-4DEC-B77B-B9237F869EBD}C:\users\administrator\desktop\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe |
"TCP Query User{FF765F06-8019-4623-A979-B57178C68C03}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe |
"UDP Query User{03D7C2F5-6FD2-4D55-AA62-F09F464366FB}D:\spiele\world of padman\wop.exe" = protocol=17 | dir=in | app=d:\spiele\world of padman\wop.exe |
"UDP Query User{04102C2B-AC48-4592-8EE3-56F0A918275B}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe |
"UDP Query User{0C2554F1-E8E1-4C9A-A7E0-5C3DE749FDF8}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=17 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe |
"UDP Query User{114E4649-33DA-4B07-9031-C4607482C251}D:\spiele\gotcha 2005\gotcha.exe" = protocol=17 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe |
"UDP Query User{15F065C4-9FE5-4710-B0B7-8791154DDD9D}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe |
"UDP Query User{169FB9B1-BAC1-45BF-88A6-72960CD54210}D:\temp\rar$ex00.600\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.600\volley.exe |
"UDP Query User{18A3D339-BB28-437E-B42B-DC4EB114278A}D:\spiele\cod5\codwawmp.exe" = protocol=17 | dir=in | app=d:\spiele\cod5\codwawmp.exe |
"UDP Query User{1C813B73-4612-48FE-82EE-43E05E0617FC}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe |
"UDP Query User{1CE7C081-8D40-4489-BD4E-6548CDE8FA7B}D:\temp\rar$ex00.477\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.477\volley.exe |
"UDP Query User{1EEE82B0-AD97-4F58-92DB-849DBBD5A7B3}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe |
"UDP Query User{1F25BDF1-A318-4AED-BD27-028129C58F0E}D:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe |
"UDP Query User{37AF2D54-F436-4AE0-9072-BC4E2BEB8E25}C:\program files\blobby volley 2.0 alpha 6\blobby.exe" = protocol=17 | dir=in | app=c:\program files\blobby volley 2.0 alpha 6\blobby.exe |
"UDP Query User{3BE2BF15-9436-4A93-98E8-34CD7FC8AB2F}D:\spiele\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe |
"UDP Query User{3CC254F9-E3AF-4BA6-BA71-68D5AC21E93A}D:\spiele\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe |
"UDP Query User{3CD3318D-49EE-4FB6-8CCD-E5E2A11DA34A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3E485C52-2F58-4F18-BE01-A3637543F36D}D:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"UDP Query User{3F0DC674-1ECA-4CC1-B555-BE10D5629570}D:\spiele\tft\war3.exe" = protocol=17 | dir=in | app=d:\spiele\tft\war3.exe |
"UDP Query User{47C35876-1343-419F-9449-00D571B34570}D:\spiele\rollercoaster tycoon\rct.exe" = protocol=17 | dir=in | app=d:\spiele\rollercoaster tycoon\rct.exe |
"UDP Query User{4C336680-36A8-4244-8E27-DC93EC9E692B}C:\users\administrator\desktop\dlrg\wacraft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\dlrg\wacraft\war3.exe |
"UDP Query User{4E92FDBD-BB52-497B-B322-03D56820B42C}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe |
"UDP Query User{4F129F99-7D8E-486D-B705-D7AE876DA754}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{55A70F23-DEA7-44BD-A155-90BD2ADDC32E}D:\spiele\cod5\codwaw.exe" = protocol=17 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"UDP Query User{561E73A0-F785-47A2-B37B-F5382EE9EE23}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=17 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe |
"UDP Query User{5B5B3852-B2B4-4BA8-B18A-359C0533F55B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5BEF97DB-1F6A-4C2E-9DC1-4DBE610C8BAF}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe |
"UDP Query User{60E56DAA-09DE-4B5B-A6D8-E962AC58268F}C:\users\administrator\desktop\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe |
"UDP Query User{646A138A-203A-4751-BD80-003B2DE7096D}C:\users\administrator\desktop\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\tft\war3.exe |
"UDP Query User{699EC9D3-5628-417F-AE5F-36B2B46CBB74}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe |
"UDP Query User{6E4EA5BE-F47D-4826-8699-9C0DE38BCE8B}D:\temp\rar$ex00.763\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.763\volley.exe |
"UDP Query User{6ED42D58-59F5-475E-8D5D-BAB59F34FF8F}D:\temp\rar$ex00.498\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.498\volley.exe |
"UDP Query User{703B5593-5D74-4DBD-B6F9-F6FF0516A3AC}D:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe |
"UDP Query User{70C6331C-C5F0-4414-A863-87CBB65E36E9}D:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe |
"UDP Query User{76ACBA95-6BDD-47C7-9FE2-D04688F5F735}D:\temp\rar$ex04.935\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex04.935\volley.exe |
"UDP Query User{78B1DAE3-A133-4C64-A231-7875AE5BAF67}D:\spiele\world of padman\wop.exe" = protocol=17 | dir=in | app=d:\spiele\world of padman\wop.exe |
"UDP Query User{799BBAC8-FEF3-4C7D-B7C2-3338EA505822}D:\spiele\gotcha 2005\gotcha.exe" = protocol=17 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe |
"UDP Query User{8046AB84-80E6-4135-B151-9CF4AE719128}D:\spiele\terrorist takedown 2\rungameserver.exe" = protocol=17 | dir=in | app=d:\spiele\terrorist takedown 2\rungameserver.exe |
"UDP Query User{936B7D0B-2A56-49A7-9238-65846ECC5BC9}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe |
"UDP Query User{B63FF232-99F5-4DF0-82BA-75BC04064E14}D:\spiele\metin\metin2.bin" = protocol=17 | dir=in | app=d:\spiele\metin\metin2.bin |
"UDP Query User{BA4B6C1C-AAFF-4E6F-BBAE-42DC9D4B1DFD}D:\spiele\css 1\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\counter-strike source\hl2.exe |
"UDP Query User{C4342141-0BAB-4A84-9C57-ABAC19B22836}C:\users\administrator\desktop\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe |
"UDP Query User{C5137E09-9933-498B-9D2E-1ED65E17CF42}D:\temp\rar$ex00.373\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.373\volley.exe |
"UDP Query User{C54B5738-E99F-460E-9DEE-D3AF13C289D3}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe |
"UDP Query User{C6B5F556-836C-41C6-BC96-54BA0568095A}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"UDP Query User{CB851B78-6D54-4FEF-B32B-29C43428A7C5}C:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe |
"UDP Query User{CCC376D3-C96D-48D1-B471-AE38DA0F215B}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe |
"UDP Query User{CDBAF3DD-6F55-4FFB-9D93-4B5060BEE9D7}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe |
"UDP Query User{CEA79047-AF10-4BF5-A0E5-ADCFF64F337E}D:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flatout2\flatout2.exe |
"UDP Query User{CEC83323-74B2-4417-89E9-5651CD4F150A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{D2D1C439-9B0E-4858-9D02-2855C2233B57}D:\spiele\rollcage\direct3d\rollcage.exe" = protocol=17 | dir=in | app=d:\spiele\rollcage\direct3d\rollcage.exe |
"UDP Query User{D39F65FF-6371-4AC8-B9F6-1531256CDC62}C:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"UDP Query User{D91CC26B-8FC5-40D1-B760-0674D422AB00}D:\spiele\counter-strike source\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\counter-strike source\counter-strike source\hl2.exe |
"UDP Query User{DA25F2C0-0733-4E58-9414-8D5FBB327F20}D:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe |
"UDP Query User{E762A71D-C88A-44DB-B77A-17E09A0F248A}D:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flatout2\flatout2.exe |
"UDP Query User{ED074734-70F0-4069-A4F8-F833C177BC05}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{EDDE244E-43AB-43A0-8902-70BEDEDDD9B9}D:\spiele\tft\war3.exe" = protocol=17 | dir=in | app=d:\spiele\tft\war3.exe |
"UDP Query User{F124A206-DBE7-404D-BE87-7C8D174A5E6F}C:\users\administrator\desktop\spiele lan pati\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\tft\war3.exe |
"UDP Query User{F4EDF729-73E6-4645-AB63-77D5F4CD5467}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"UDP Query User{FFCBCE62-F8B7-4686-AF99-88ADD8D22B02}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1102B81E-73F2-339C-E299-C48D7CA32441}" = Catalyst Control Center Graphics Full Existing
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14CF71FD-281E-91AD-941C-BFAA649C1E12}" = CCC Help German
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15422767-809D-8D9C-140D-99B39C9683DA}" = Catalyst Control Center Graphics Full New
"{186DB7E2-1C55-0715-12E1-7FC473D30A4C}" = Catalyst Control Center Graphics Previews Common
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune3.6_Client_pivot
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A1BBC38-2602-B555-24D3-942F01D8DC39}" = CCC Help English
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EADDD5A-DA5B-4314-B6A3-00BF097E14E5}" = Gladiator
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{518FAB61-275A-4977-95B0-4EB92B8FEC70}" = Atlantis Evolution
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6419FBF5-2DB7-FF43-EE67-5448F868D080}" = Catalyst Control Center Core Implementation
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FA7B446-0DE0-C883-9DB4-AC9A35D60735}" = Catalyst Control Center HydraVision Full
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A70700000002}" = Adobe Reader 7.0.7 - Deutsch
"{ACB91656-A3D1-4E5F-82F0-D3E5200F1D06}" = Skins
"{B26E49E2-9521-4677-95CB-63B117D84BD8}" = Gun Metal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3F7C6EB-B6AD-CE5E-46BD-E6DE8EBB6E5A}" = Catalyst Control Center Graphics Previews Vista
"{C8E9FBF9-6CBE-AE9B-C8AB-2C8F5E32140C}" = ccc-core-static
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB1BA2C-34DB-5947-BFFF-F52E3A542514}" = ATI Catalyst Install Manager
"{CCC66778-C62B-D147-A3AC-B6E2FAA61715}" = Fragen-Lern-CD 4.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DDACB061-0C85-8A15-45C9-28415476762B}" = Catalyst Control Center Graphics Light
"{E182BF0C-B1C9-655A-0F65-1E511E8687AD}" = Catalyst Control Center Localization German
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{ECE1F718-CDFD-7A05-BDB9-4D33BFE67D9C}" = ccc-utility
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC5A7E9B-2CAC-6261-7F34-817C6547ABF3}" = Catalyst Control Center InstallProxy
"4StoryDE_is1" = 4Story 3.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"aTube Catcher" = aTube Catcher
"AVery3DChristmas" = www.UselessCreations.com - A Very 3D Christmas Screensaver - Trial Version
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"Brother HL-5050" = Brother HL-5050
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Deer Hunter 2005 Demo_is1" = Deer Hunter - The 2005 Season Demo
"Digitale Bibliothek" = Digitale Bibliothek
"Drakan - Order of the Flame" = Drakan - Order of the Flame
"Eintracht Frankfurt Screensave_is1" = Eintracht Frankfurt Screensave
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Funkyplot_is1" = Funkyplot 1.1.0-pre1
"Gothic" = Gothic
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"GTA2" = GTA2
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"Icy Tower v1.4_is1" = Icy Tower v1.4
"Icy Tower_is1" = Icy Tower v1.3
"InstallShield_{3EADDD5A-DA5B-4314-B6A3-00BF097E14E5}" = Gladiator
"InstallShield_{518FAB61-275A-4977-95B0-4EB92B8FEC70}" = Atlantis Evolution
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Mediothek Biologie 1" = Mediothek Biologie 1
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Mplayer.com" = Mplayer.com
"OpenAL" = OpenAL
"Peggle" = Peggle (remove only)
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"tt2_is1" = Terrorist Takedown 2 (1.01)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.4
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15.04.2009 19:21:17 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 14.0.8064.206 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: e90 Anfangszeit: 01c9be20bcaf5cf6 Zeitpunkt
der Beendigung: 78
Error - 15.04.2009 19:22:08 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 16.04.2009 05:49:10 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 17.04.2009 08:16:31 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 17.04.2009 11:38:19 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 17.04.2009 19:25:51 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 18.04.2009 06:16:15 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 18.04.2009 08:52:48 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 18.04.2009 14:00:09 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
Error - 18.04.2009 18:19:12 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
[ System Events ]
Error - 20.06.2010 08:09:43 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 24.06.2010 12:35:14 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 25.06.2010 06:59:25 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 26.06.2010 06:01:02 | Computer Name = Markus-PC | Source = DCOM | ID = 10010
Description =
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "C:" aus.
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
Error - 26.06.2010 07:18:50 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
|
|
27.06.2010, 00:53
| #2 |
| | MSN Virus wie ENTFERNE ich den richtig? und otl:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.06.2010 17:52:26 - Run 2 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Administrator\Desktop Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 80,08 Gb Total Space | 5,64 Gb Free Space | 7,04% Space Free | Partition Type: NTFS Drive D: | 152,81 Gb Total Space | 21,93 Gb Free Space | 14,35% Space Free | Partition Type: NTFS Drive E: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARKUS-PC Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\Pwacyb.exe () PRC - C:\Users\Public\winvsrnc.exe () PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - D:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works) PRC - C:\Programme\RocketDock\RocketDock.exe () PRC - D:\Program Files\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) PRC - C:\Programme\SEC\MagicTune3.6_Client_pivot\GammaTray.exe () PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\SEC\Natural Color\NaturalColorLoad.exe () PRC - C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd) PRC - C:\Windows\System32\BRSS01A.EXE (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\RocketDock\RocketDock.dll () MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works) SRV - (EPGService) -- D:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works) SRV - (Brother XP spl Service) -- C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (OemBiosDevice) -- C:\Windows\system32\drivers\royal.sys (PARADOX) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron ) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (MagicTune) -- C:\Windows\system32\drivers\MTictwl.sys () DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\Windows\System32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHidFlt2.Sys (Logitech, Inc.) DRV - (fasttx2k) -- C:\Windows\system32\drivers\fasttx2k.sys (Promise Technology, Inc.) DRV - (b57w2k) -- C:\Windows\System32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/ IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data] IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ultras-frankfurt.de/index.php IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.1.11880 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16225&locale=en_US&apn_uid=2F26D38D-63D6-4CAC-881E-5408E4E1835F&apn_ptnrs=QQ&apn_sauid=03B80C56-FCD7-41F7-85C5-DAB50E190779&apn_dtid=YYYYYYYYDE&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Eigene Dateien\real player\browserrecord [2008.01.11 01:00:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: D:\Eigene Dateien\mozilla\components [2010.05.17 12:33:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: D:\Eigene Dateien\mozilla\plugins [2010.05.17 12:33:51 | 000,000,000 | ---D | M] [2008.11.16 18:27:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2010.06.26 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y9dgbjmx.default\extensions [2009.08.11 02:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y9dgbjmx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.26 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y9dgbjmx.default\extensions\toolbar@ask.com [2010.06.26 16:01:06 | 000,002,565 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\askcom.xml [2010.06.26 16:11:09 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-1.xml [2009.12.02 23:16:13 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-2.xml [2010.01.13 11:46:36 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-3.xml [2010.05.22 17:58:52 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-4.xml [2009.09.16 00:02:54 | 000,000,944 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Eigene Dateien\real player\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EPGServiceTool] D:\Program Files\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.) O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe File not found O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe () O4 - HKLM..\Run: [Logitech Utility] C:\Windows\Logi_MwX.Exe (Logitech Inc.) O4 - HKLM..\Run: [Ptipbmf] C:\Windows\System32\ptipbmf.dll (Promise Technology, Inc.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] D:\Eigene Dateien\Picasa2\PicasaMediaDetector.exe File not found O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] D:\Eigene Dateien\Picasa2\PicasaMediaDetector.exe File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [Halo2] C:\Windows\System32\sshnas21.DLL () O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [QNB2EB90WX] D:\Temp\Pfd.exe () O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Spiele\Pokerstars\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225824457575&h=5420ffce337c03ef28ec4d2baaa6d195/&filename=jinstall-6u10-windows-i586-jc.cab (Java Plug-in 1.6.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1207573559 (Image Uploader Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} hxxp://80.237.209.20/objects/NpFv415.dll (Flatcast Viewer 4.15) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe File not found O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2004.11.07 01:17:15 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ] O32 - AutoRun File - [2004.11.06 02:20:16 | 000,023,040 | R--- | M] () - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2004.11.06 02:20:16 | 000,000,115 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{1a379f08-1880-11de-a05b-001e8c848c07}\Shell\AutoRun\command - "" = J:\menu.exe -- File not found O33 - MountPoints2\{2f5593f6-fdfd-11dd-851f-001e8c848c07}\Shell - "" = AutoRun O33 - MountPoints2\{2f5593f6-fdfd-11dd-851f-001e8c848c07}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{47fd15d1-b7b8-11dc-9cd7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{47fd15d1-b7b8-11dc-9cd7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.EXE -- File not found O33 - MountPoints2\{642101d5-2e3d-11dd-b386-00e018e8807c}\Shell - "" = AutoRun O33 - MountPoints2\{642101d5-2e3d-11dd-b386-00e018e8807c}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found O33 - MountPoints2\{94c86d06-4bde-11dd-95de-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{94c86d06-4bde-11dd-95de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2004.11.06 02:20:16 | 000,023,040 | R--- | M] () O33 - MountPoints2\{97713dcc-0d9b-11df-ae36-001e8c848c07}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found O33 - MountPoints2\{99a33ab7-9313-11dd-b955-001e8c848c07}\Shell - "" = AutoRun O33 - MountPoints2\{99a33ab7-9313-11dd-b955-001e8c848c07}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2006.11.02 13:18:47 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{b4db1911-e061-4cc6-aab1-6fe12ea65eac} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept) Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.06.26 17:50:51 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2010.06.26 17:46:13 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe [2010.06.26 14:18:07 | 000,000,000 | ---D | C] -- C:\DVDVideoSoft [2010.06.26 12:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus! [2010.06.26 12:06:32 | 000,000,000 | ---D | C] -- C:\Programme\Messenger Plus! Live [2010.06.24 22:14:25 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2010.06.08 20:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\POPWWPROFILES [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.26 17:57:42 | 007,340,032 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat [2010.06.26 17:51:02 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2010.06.26 17:47:06 | 000,000,262 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.26 17:46:23 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe [2010.06.26 17:32:04 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.26 16:58:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.26 16:58:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.26 15:58:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.26 15:58:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.26 15:58:45 | 2146,623,488 | -HS- | M] () -- C:\hiberfil.sys [2010.06.26 14:57:29 | 004,501,277 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db [2010.06.26 14:03:49 | 000,164,864 | ---- | M] () -- C:\Windows\Pwacyb.exe [2010.06.26 12:04:16 | 000,164,864 | ---- | M] () -- C:\Windows\Pwacya.exe [2010.06.26 12:04:14 | 000,205,824 | ---- | M] () -- C:\Windows\System32\sshnas21.dll [2010.06.26 11:41:13 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\chrtmp [2010.06.26 02:53:58 | 000,138,464 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.06.24 20:09:11 | 000,096,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.24 20:09:11 | 000,054,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.24 20:09:11 | 000,041,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.24 20:09:11 | 000,012,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.24 20:09:11 | 000,012,092 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.24 19:16:10 | 000,023,985 | ---- | M] () -- C:\Users\Administrator\Documents\Bodybuilding-No-2-2.jpg [2010.06.16 20:32:40 | 000,010,761 | ---- | M] () -- C:\Windows\HCWPNP.INI [2010.06.13 01:20:10 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini [2010.06.08 20:29:15 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Prince of Persia Warrior Within.lnk [2010.05.31 14:39:30 | 000,000,227 | ---- | M] () -- C:\Users\Administrator\Desktop\Half-Life 2 Lost Coast.url [2010.05.30 20:19:40 | 000,000,227 | ---- | M] () -- C:\Users\Administrator\Desktop\Half-Life 2 Deathmatch.url [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.26 15:59:08 | 000,164,864 | ---- | C] () -- C:\Windows\Pwacyb.exe [2010.06.26 12:04:44 | 000,164,864 | ---- | C] () -- C:\Windows\Pwacya.exe [2010.06.26 12:04:30 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.26 12:04:20 | 000,000,262 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.26 12:04:14 | 000,205,824 | ---- | C] () -- C:\Windows\System32\sshnas21.dll [2010.06.26 11:41:13 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\chrtmp [2010.06.24 19:17:27 | 000,023,985 | ---- | C] () -- C:\Users\Administrator\Documents\Bodybuilding-No-2-2.jpg [2010.06.08 20:29:15 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Prince of Persia Warrior Within.lnk [2010.05.31 14:39:30 | 000,000,227 | ---- | C] () -- C:\Users\Administrator\Desktop\Half-Life 2 Lost Coast.url [2010.05.30 20:19:40 | 000,000,227 | ---- | C] () -- C:\Users\Administrator\Desktop\Half-Life 2 Deathmatch.url [2010.01.04 02:55:11 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.01.04 02:54:34 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.09.15 23:01:27 | 000,000,000 | ---- | C] () -- C:\Windows\Eintracht Frankfurt Screensave.ini [2009.07.23 14:57:18 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll [2009.05.27 23:02:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2009.05.27 23:02:19 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini [2009.05.27 23:02:15 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI [2009.05.27 23:00:04 | 000,032,133 | ---- | C] () -- C:\Windows\Irremote.ini [2009.05.27 22:59:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2009.05.27 22:57:23 | 000,010,761 | ---- | C] () -- C:\Windows\HCWPNP.INI [2009.02.18 22:43:43 | 000,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.01.16 13:49:35 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2008.12.01 22:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.07.07 07:02:14 | 000,010,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.07.07 06:47:18 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008.07.07 06:47:11 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2008.06.02 18:56:13 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2008.03.22 12:25:05 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.03.22 12:25:05 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.01.28 22:23:44 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll [2008.01.28 22:23:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.01.12 02:16:13 | 000,000,097 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.01.10 00:56:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\H@tKeysH@@k.DLL [2008.01.08 17:27:13 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.31 19:35:09 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2007.12.31 19:35:09 | 000,000,040 | ---- | C] () -- C:\Windows\BRDIAG.INI [2007.12.31 19:35:09 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini [2007.12.31 19:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\opt_5050.ini [2007.12.31 19:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\BROHL505.INI [2007.12.31 19:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2007.12.31 19:35:08 | 000,026,624 | ---- | C] () -- C:\Windows\System32\BRGSRC32.DLL [2007.12.31 19:35:08 | 000,004,608 | ---- | C] () -- C:\Windows\System32\BRGSRC16.DLL [2007.12.31 19:35:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\BROSNMP.DLL [2007.12.31 19:35:06 | 000,011,604 | ---- | C] () -- C:\Windows\HL-5050.INI [2007.12.31 19:35:04 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2007.12.31 19:35:03 | 000,000,453 | ---- | C] () -- C:\Windows\BRWMARK.INI [2007.12.31 19:35:03 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2007.12.31 19:30:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2007.12.31 19:30:41 | 000,012,062 | ---- | C] () -- C:\Windows\System32\drivers\MTiCtwl.sys [2006.11.02 14:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2010.04.16 20:21:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Agqiv [2008.10.20 19:19:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azihy [2010.02.26 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2010.04.16 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Haedfy [2010.05.29 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ [2009.10.01 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics [2008.05.04 08:33:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Neqeuw [2009.03.22 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teeworlds [2008.02.05 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teleca [2008.10.02 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\zweitgeist [2010.06.26 14:57:52 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.26 17:47:06 | 000,000,262 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.26 17:32:04 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.26 00:07:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe [2009.02.14 17:43:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AdobeUM [2010.04.16 20:21:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Agqiv [2010.01.15 00:52:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer [2007.12.31 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI [2009.04.16 16:31:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVS4YOU [2008.10.20 19:19:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azihy [2008.02.28 23:04:45 | 000,000,000 | R--D | M] -- C:\Users\Administrator\AppData\Roaming\Brother [2010.02.26 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2008.07.24 01:28:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX [2010.03.13 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss [2008.01.01 02:55:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Google [2010.04.16 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Haedfy [2010.05.29 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ [2007.12.31 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities [2009.10.01 16:53:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield [2009.10.01 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics [2007.12.31 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2006.11.02 14:35:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs [2009.01.23 12:42:07 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2008.12.09 22:51:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC [2008.11.16 18:27:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla [2008.05.04 08:33:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Neqeuw [2009.12.12 02:13:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real [2008.02.05 20:42:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony Ericsson [2010.04.27 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2 [2009.03.22 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teeworlds [2008.02.05 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teleca [2009.06.20 18:54:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc [2008.05.02 23:26:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR [2008.06.30 23:39:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xfire [2008.10.02 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\zweitgeist < %APPDATA%\*.exe /s > [2009.01.05 20:46:54 | 000,010,134 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{FC5A7E9B-2CAC-6261-7F34-817C6547ABF3}\ARPPRODUCTICON.exe [2010.02.22 11:51:19 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Administrator\AppData\Roaming\Real\Update\setup3.09\setup.exe [2010.05.30 16:28:36 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Administrator\AppData\Roaming\Real\Update\setup3.10\setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.14 21:32:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2008.02.14 21:32:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 21:32:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 21:32:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < MD5 for: SCECLI.DLL > [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USERINIT.EXE > [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.02.18 22:43:43 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2007.12.31 17:50:19 | 007,041,024 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.12.31 17:50:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.12.31 17:50:19 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.12.31 17:50:30 | 016,109,568 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.12.31 17:50:32 | 006,062,080 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.12.01 22:47:29 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2007.12.31 18:42:16 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > was soll ich jetzt tun? wäre super wenn mir jemand helfen könnte.danke schonmal im vorraus  |
|
03.07.2010, 02:15
| #3 |
| | MSN Virus wie ENTFERNE ich den richtig? also mittlerweile ist es so dass der msn virus also das verschicken von links weg ist sich jedoch immer wieder werbefenster öffnen.kann ich das iwie verhindern?
__________________ |
|
| Themen zu MSN Virus wie ENTFERNE ich den richtig? |
| call of duty, counter-strike source, firefox.exe, gmx.de, grand theft auto, install.exe, location, oldtimer, saver, schattenkopien, shell32.dll, studio, tower, vlc media player, windows system, windows-sicherheitscenter, world at war |
Linear-Darstellung
